Ransomware Attack Disrupts Project Hospitality Services
Incident Date:
September 2, 2024
Overview
Title
Ransomware Attack Disrupts Project Hospitality Services
Victim
Project Hospitality
Attacker
Rhysida
Location
First Reported
September 2, 2024
Ransomware Attack on Project Hospitality by Rhysida
Project Hospitality, a nonprofit organization based in Staten Island, New York, has recently fallen victim to a ransomware attack orchestrated by the Rhysida group. The attack was discovered on September 3, 2024, and has been publicly claimed by Rhysida on their dark web leak site.
About Project Hospitality
Founded in 1982, Project Hospitality is dedicated to providing essential services to individuals and families who are hungry, homeless, or otherwise in need. The organization operates with a mission to assist community members in achieving self-sufficiency and improving their quality of life. They offer a wide range of services, including food distribution, emergency shelter, transitional housing, healthcare, mental health support, and substance abuse treatment. Project Hospitality serves over 5,000 residents annually and employs approximately 287 staff members, supported by more than 600 volunteers.
Attack Overview
The ransomware attack on Project Hospitality was executed by the Rhysida group, a notorious ransomware-as-a-service (RaaS) operation that emerged in May 2023. Rhysida is known for its sophisticated attacks and double extortion tactics, targeting various sectors, including healthcare, education, government, and nonprofit organizations. The group typically gains entry through compromised credentials, phishing campaigns, or exploiting vulnerabilities such as Zerologon (CVE-2020-1472).
Details of the Attack
Rhysida's attack on Project Hospitality involved encrypting files using a combination of 4096-bit RSA and ChaCha20 algorithms, appending a `.rhysida` extension to the encrypted files. The ransomware also exfiltrated sensitive data, threatening to publish it on the dark web unless a ransom is paid. The extent of the data leak remains unknown at this time. Rhysida's ransom notes, typically named "CriticalBreachDetected.pdf," instruct victims on how to pay the ransom in Bitcoin.
Vulnerabilities and Impact
Project Hospitality's extensive use of digital systems for managing client information and service delivery made it a vulnerable target for ransomware attacks. The organization's reliance on community involvement and donations further exacerbates the impact of such attacks, potentially disrupting essential services and eroding public trust. The attack underscores the importance of effective cybersecurity measures for nonprofit organizations, which often operate with limited resources.
About Rhysida
Rhysida distinguishes itself through its double extortion model, combining data encryption with the threat of data leaks. The group has targeted several high-profile victims, including the Chilean Army and Prospect Medical Holdings. Rhysida's operations are characterized by their stealthy approach, often using valid VPN and Remote Desktop Protocol (RDP) credentials for lateral movement within networks.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.